New identity verification system seeks to better secure e-commerce

Jul 23, 2013

E-commerce security startup Payfont, led by credit card and banking industry expert Dr. David Lanc, has released a beta version of its comprehensive patented system for securing personal and financial identity, available now to banks, e-commerce processors, credit card companies, and their consumers and merchants.

“We face an ever-expanding pandemic of financial fraud in part created by our financial system,” said Dr. Lanc. “Everyone is vulnerable because of two fundamental flaws in our system. First, because our identity verification systems are standardized all over the world, every identity thief knows exactly what information she must steal in order to impersonate someone (e.g. name, address, credit card number, expiration date, security code, phone number, email). Second, we are constantly required to transmit exactly that information in e-commerce so there are constant opportunities to steal.”

Payfont has developed a system the company says is a more effective and predictable means of verifying the identities of both parties to a transaction while transmitting financial data far more securely. As an example of how it works:

A retailer or bank has integrated Payfont software into its e-commerce and mobile commerce systems. A consumer who has a Payfont account comes to the retailer website and selects an item to purchase. She is identified by whatever method she has previously chosen when setting up her Payfont account. Maybe she uses a voice biometric, maybe she has set up security questions, or perhaps she has decided she will enter credit card information to identify herself (though she may not ultimately pay with the credit card information she enters). Payfont also validates the identity of the retailer, ensuring the consumer is not attempting to purchase something from a fake website.

The parties to the transaction and the transaction itself have now been validated but the transaction has not been completed and no personal or financial information about the consumer is transmitted. The consumer now (or later) logs into her Payfont dashboard and finds the transaction, chooses her payment method, and confirms her purchase. Only then is the consumer’s financial data transmitted and it is transmitted to the retailer’s bank or credit card company, rather than directly to the retailer. Only when the retailer confirms it is ready to send the purchased goods is the consumer’s shipping information transmitted.

Payfont also monitors the consumer’s transaction behaviour in line with the consumer’s preferences. A consumer might ask to be notified if she completes more than a certain number of transactions in a day, if she reaches a certain spending threshold in any given transaction, or if she completes a transaction with a merchant not on her pre-approved list.

“An effective protection against identity fraud must embody three principles: unpredictability, latency, and transparency, said professor Lachlan MacKinnon of Greenwich University, London, computer security and countermeasures expert who chairs the Council of Professors and Heads of Computing in the United Kingdom.

"It must be unpredictable in that the model must offer multiple means of identity verification available in innumerable combination. It must introduce latency in that information transfer must be chronologically and locally fractured. It must be transparent so that the consumer can see how the system works at all times in order to create the piece of mind necessary to facilitate online commerce. Until now, no one has managed to design a system that embodies these principles.”

“Piece of mind and ease of use have to be fundamental to the system,” added Dr. Lanc. “Payfont’s system is sufficiently complex to defeat the most sophisticated attempts at fraudulent misuse, but it’s also extremely easy to use. Without those components, some people steer clear of e-commerce. The global economy suffers huge losses not just because of the direct costs of theft but also because of the indirect cost when people choose not to buy at all.”

Indeed, it is estimated that over $110 billion are lost each year to fears of online identity theft. Direct costs of global consumer card fraud reached over $7.6 billion a year with 47% occurring in the United States. One in five US consumers have been victimized.

Payfont has been awarded comprehensive US patent protection for its breakthrough innovation, dating to March 2007. “That’s how far ahead Payfont is,” says Lanc. “The market is only now waking up to the fact the fraud pandemic is not going away but getting worse.”

Some major banks, credit card companies, and other firms in the business of keeping personal and financial identity safe online, such as Amazon, have recently started developing alternatives. Payfont hopes to work with those companies rather than compete with them.

“Payfont can be integrated into the systems of every online commerce site now,” say Lanc. “We’re ready to start that work.”

Dr. David Lanc is a former international director in charge of business development and strategy at Royal Bank of Scotland. At RBS, he was responsible for card development and online purchasing. He was instrumental in the deployment of the 3D Secure online security used around the world and was a member of the UK steering committee which drove the UK rollout of EMV, which began the global rollout the US is only now facing. He holds a PhD in Business and Information Systems Strategy Alignment from Heriot-Watt University, Edinburgh.